dildi Skrevet 11. august 2008 Del Skrevet 11. august 2008 Har fulgt veiledning som ligger inne på siden her , og lurer på om noen kan se på loggene mine! Klikk for å se/fjerne innholdet nedenfor SAS: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/11/2008 at 07:17 AM Application Version : 4.15.1000 Core Rules Database Version : 3529 Trace Rules Database Version: 1519 Scan type : Quick Scan Total Scan Time : 00:13:08 Memory items scanned : 534 Memory threats detected : 0 COMBOFIX: ComboFix 08-08-10.02 - 2008-08-11 7:25:55.7 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.391 [GMT 2:00] Running from: C:\Documents and Settings\\Mine dokumenter\ComboFix01.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:39, on 2008-08-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\vphc700.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\jobb\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://veronikadale.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216749101421 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143290832375 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 11912 bytes Registry items scanned : 490 Registry threats detected : 0 File items scanned : 11754 File threats detected : 0 Klikk for å se/fjerne innholdet nedenfor Lenke til kommentar
r2d290 Skrevet 11. august 2008 Del Skrevet 11. august 2008 (endret) Hei, og velkommen til forumet Jeg tror du har rotet litt. Du har bare seks linjer fra combofix, og deler av SAS-loggen ligger etter hijackthis-loggen. Dessuten er det en tom spoiler nederst. Prøv å få lagt ut combofix-loggen på nytt Endret 11. august 2008 av r2d290 Lenke til kommentar
dildi Skrevet 11. august 2008 Forfatter Del Skrevet 11. august 2008 Ok, prøver igjen! Klikk for å se/fjerne innholdet nedenfor SAS-logg: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/11/2008 at 07:17 AM Application Version : 4.15.1000 Core Rules Database Version : 3529 Trace Rules Database Version: 1519 Scan type : Quick Scan Total Scan Time : 00:13:08 Memory items scanned : 534 Memory threats detected : 0 Registry items scanned : 490 Registry threats detected : 0 File items scanned : 11754 File threats detected : 0 COMBOFIX-logg: ComboFix 08-08-10.02 - 2008-08-11 15:02:54.8 - NTFSx86 Running from: C:\Documents and Settings\\Mine dokumenter\ComboFix01.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system\oeminfo.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NSESVC -------\Service_nsesvc ((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))) . 2008-08-11 07:01 . 2008-08-11 07:51 <DIR> dr-h----- C:\Documents and Settings\\Siste 2008-08-11 06:50 . 2008-08-11 06:50 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Documents and Settings\\Programdata\Malwarebytes 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-08-10 21:48 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-10 21:48 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-27 14:26 . 2008-08-04 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-27 14:26 . 2008-07-27 14:26 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-23 15:51 . 2008-07-29 00:02 <DIR> d-------- C:\Programfiler\PokerStars 2008-07-22 23:05 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-22 23:05 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-22 23:05 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-22 23:05 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-22 23:05 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-22 23:05 . 2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-22 23:05 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-22 23:05 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-22 23:05 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-22 20:05 . 2008-07-22 20:05 <DIR> d-------- C:\Programfiler\Sun 2008-07-22 19:54 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-22 19:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-07-22 19:23 . 2008-04-14 09:22 76,288 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll 2008-07-22 19:23 . 2008-04-14 09:22 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll 2008-07-22 19:23 . 2001-10-09 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2008-07-22 19:23 . 2001-10-09 14:00 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2008-07-22 19:23 . 2001-10-09 14:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll 2008-07-22 19:21 . 2008-04-14 09:21 370,176 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll 2008-07-22 19:20 . 2008-04-14 09:22 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-07-22 19:16 . 2008-04-14 09:23 359,936 --a--c--- C:\WINDOWS\system32\dllcache\wmic.exe 2008-07-22 19:16 . 2008-04-14 09:22 92,672 --a--c--- C:\WINDOWS\system32\dllcache\policman.dll 2008-07-22 19:09 . 2008-04-14 10:34 1,246,067 -ra------ C:\WINDOWS\SETA1.tmp 2008-07-22 19:09 . 2008-04-14 10:28 1,088,840 -ra------ C:\WINDOWS\SETA4.tmp 2008-07-22 19:09 . 2008-04-14 10:28 16,825 -ra------ C:\WINDOWS\SETB0.tmp 2008-07-22 18:58 . 2008-04-14 10:29 475,118 -ra------ C:\txtsetup.sif 2008-07-22 18:58 . 2008-04-13 11:32 260,288 -ra------ C:\$LDR$ 2008-07-22 18:57 . 2008-07-22 18:58 <DIR> d-------- C:\$WIN_NT$.~BT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-11 05:38 --------- d-----w C:\Programfiler\Trend Micro 2008-07-31 19:36 --------- d-----w C:\Documents and Settings\\Programdata\LimeWire 2008-07-25 05:22 --------- d-----w C:\Documents and Settings\\Programdata\Azureus 2008-07-22 18:05 --------- d-----w C:\Programfiler\Java 2008-07-07 18:13 --------- d-----w C:\Programfiler\LimeWire 2008-07-03 19:50 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-07-02 21:48 --------- d-----w C:\Programfiler\Azureus 2008-07-01 21:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-01 21:25 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-07-01 21:25 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-01 21:25 --------- d-----w C:\Documents and Settings\\Programdata\SUPERAntiSpyware.com 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:36 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2007-08-04 19:13 12,840 ----a-w C:\Programfiler\ARA.ini 2007-06-04 19:37 456 ----a-w C:\Programfiler\INSTALL.LOG 2007-05-27 18:58 24 ----a-w C:\Programfiler\announce.txt 2007-05-27 18:56 0 ----a-w C:\Programfiler\llh.dll 2007-05-07 15:49 995,410 ----a-w C:\Programfiler\MFC42LU.DLL 2007-05-07 15:49 393,216 ----a-w C:\Programfiler\MSLUP60.dll 2007-05-07 15:49 237,568 ----a-w C:\Programfiler\MSLURT.dll 2007-04-18 08:59 679,936 ----a-w C:\Programfiler\libeay32.dll 2007-04-18 08:59 59,904 ----a-w C:\Programfiler\zlib1.dll 2007-04-18 08:59 147,728 ----a-w C:\Programfiler\ASYCFILT.DLL 2007-04-18 08:59 147,456 ----a-w C:\Programfiler\ssleay32.dll 2006-11-29 16:53 77,824 ----a-w C:\Programfiler\DM.dll 2006-11-07 07:53 258,352 ----a-w C:\Programfiler\UNICOWS.DLL . <pre> ----a-w 13,707,828 2007-12-09 22:02:17 C:\X-tra Utility\K-Lite Codec Pack Full 3.4.5\K-Lite Codec Pack 3.5.7 Full .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 11:12 68856] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET" [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064] "DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01 86016] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [N/A] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39 167936] "DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30 1106944] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941] "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 08:38 69632] "dlccmon.exe"="C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 09:04 425984] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520] "type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800] "phc700"="C:\WINDOWS\vphc700.exe" [2005-07-20 19:56 339968] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 14:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 14:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 09:43 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 09:43 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 09:43 455168] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624] HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "C:\Programfiler\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-15 01:00 86016] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^TrayMin700.exe.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\TrayMin700.exe.lnk backup=C:\WINDOWS\pss\TrayMin700.exe.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 1942\\BF1942.exe"= R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25] S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 15:21] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc51cf2-3247-11dd-9af1-000e2e66d518}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b95399fa-a9c5-11dc-9a8f-000e2e66d518}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-08-11 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . - - - - ORPHANS REMOVED - - - - Notify-AutorunsDisabled - cscdll.dll ddcbcaw.dll . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/ R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=no&l=no&s=gen R1 -: HKCU-Internet Settings,ProxyOverride = <local> R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 -: {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programfiler\PartyCasino\RunCasino.exe O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programfiler\PartyPoker\RunApp.exe O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp08.photoprintit.de/microsite/5026/defaults/activex/ImageUploader3.cab C:\WINDOWS\Downloaded Program Files\ImageUploader_3.inf C:\WINDOWS\Downloaded Program Files\ImageUploader_3.ocx ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-11 15:06:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" . Completion time: 2008-08-11 15:07:24 ComboFix-quarantined-files.txt 2008-08-11 13:07:13 ComboFix2.txt 2008-06-30 15:10:25 ComboFix3.txt 2008-06-22 19:07:53 ComboFix4.txt 2008-02-02 23:40:09 ComboFix5.txt 2008-08-11 05:24:58 Pre-Run: 72,665,305,088 byte ledig Post-Run: 72,746,369,024 byte ledig 217 --- E O F --- 2008-08-08 10:09:01 HJT-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:39, on 2008-08-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\vphc700.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\jobb\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://veronikadale.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216749101421 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143290832375 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\ O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 11912 bytes Lenke til kommentar
r2d290 Skrevet 11. august 2008 Del Skrevet 11. august 2008 Gå til http://virusscan.jotti.org , trykk på Browse, og last opp følgende fil til analyse: C:\Programfiler\DM.dll Deretter trykker du på Submit. Godta at filen blir scannet. Til slutt kopierer du resultatet, og limer det inn i din neste post, så jeg kan se på den, og vurdere hva som må gjøres videre. Trykk Start - Alle Programmer - Tilbehør - Notisblokk Kopier og Lim inn teksten i kodeboksen nedenfor, inn i Notisblokken: File:: C:\WINDOWS\SETA1.tmp C:\WINDOWS\SETA4.tmp C:\WINDOWS\SETB0.tmp C:\txtsetup.sif C:\$LDR$ Folder:: C:\$WIN_NT$.~BT Lagre det som CFScript Dra CFScript over ComboFix.exe som ligger på Skrivebordet, slik animasjonen nedenfor viser. Dette vil starte ComboFix igjen. Hvis maskinen ber om en omstart, lar du den gjøre det med én gang. Post innholdet til ComboFix.txt inn i ditt neste svar på forumet, sammen med en ny logg fra HijackThis. Lenke til kommentar
dildi Skrevet 11. august 2008 Forfatter Del Skrevet 11. august 2008 Scan taken on 11 Aug 2008 19:27:04 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Lenke til kommentar
dildi Skrevet 11. august 2008 Forfatter Del Skrevet 11. august 2008 Her er de nye loggene: Klikk for å se/fjerne innholdet nedenfor ComboFix 08-08-10.05 - 2008-08-11 21:38:51.9 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.333 [GMT 2:00] Running from: C:\ComboFix01.exe Command switches used :: C:\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\$LDR$ C:\txtsetup.sif C:\WINDOWS\SETA1.tmp C:\WINDOWS\SETA4.tmp C:\WINDOWS\SETB0.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\$LDR$ C:\$WIN_NT$.~BT C:\$WIN_NT$.~BT\1394bus.sy_ C:\$WIN_NT$.~BT\abp480n5.sy_ C:\$WIN_NT$.~BT\acpi.sy_ C:\$WIN_NT$.~BT\acpiec.sy_ C:\$WIN_NT$.~BT\adpu160m.sy_ C:\$WIN_NT$.~BT\aha154x.sy_ C:\$WIN_NT$.~BT\aic78u2.sy_ C:\$WIN_NT$.~BT\aic78xx.sy_ C:\$WIN_NT$.~BT\aliide.sy_ C:\$WIN_NT$.~BT\amsint.sy_ C:\$WIN_NT$.~BT\asc.sy_ C:\$WIN_NT$.~BT\asc3350p.sy_ C:\$WIN_NT$.~BT\asc3550.sy_ C:\$WIN_NT$.~BT\atapi.sy_ C:\$WIN_NT$.~BT\biosinfo.inf C:\$WIN_NT$.~BT\Bootfont.bin C:\$WIN_NT$.~BT\BOOTSECT.DAT C:\$WIN_NT$.~BT\bootvid.dl_ C:\$WIN_NT$.~BT\c_1252.nl_ C:\$WIN_NT$.~BT\c_850.nl_ C:\$WIN_NT$.~BT\cbidf2k.sy_ C:\$WIN_NT$.~BT\cd20xrnt.sy_ C:\$WIN_NT$.~BT\cdfs.sy_ C:\$WIN_NT$.~BT\cdrom.sy_ C:\$WIN_NT$.~BT\classpnp.sy_ C:\$WIN_NT$.~BT\cmdide.sy_ C:\$WIN_NT$.~BT\cpqarray.sy_ C:\$WIN_NT$.~BT\dac2w2k.sy_ C:\$WIN_NT$.~BT\dac960nt.sy_ C:\$WIN_NT$.~BT\disk.sy_ C:\$WIN_NT$.~BT\disk101 C:\$WIN_NT$.~BT\disk102 C:\$WIN_NT$.~BT\disk103 C:\$WIN_NT$.~BT\disk104 C:\$WIN_NT$.~BT\dmboot.sy_ C:\$WIN_NT$.~BT\dmio.sy_ C:\$WIN_NT$.~BT\dmload.sy_ C:\$WIN_NT$.~BT\dpti2o.sy_ C:\$WIN_NT$.~BT\drvmain.sdb C:\$WIN_NT$.~BT\fastfat.sy_ C:\$WIN_NT$.~BT\fdc.sy_ C:\$WIN_NT$.~BT\flpydisk.sy_ C:\$WIN_NT$.~BT\ftdisk.sy_ C:\$WIN_NT$.~BT\hal.dl_ C:\$WIN_NT$.~BT\halacpi.dl_ C:\$WIN_NT$.~BT\halapic.dl_ C:\$WIN_NT$.~BT\halaacpi.dl_ C:\$WIN_NT$.~BT\hidclass.sy_ C:\$WIN_NT$.~BT\hidparse.sy_ C:\$WIN_NT$.~BT\hidusb.sy_ C:\$WIN_NT$.~BT\hpn.sy_ C:\$WIN_NT$.~BT\i2omgmt.sy_ C:\$WIN_NT$.~BT\i2omp.sy_ C:\$WIN_NT$.~BT\i8042prt.sy_ C:\$WIN_NT$.~BT\iastor.sys C:\$WIN_NT$.~BT\ini910u.sy_ C:\$WIN_NT$.~BT\intelide.sy_ C:\$WIN_NT$.~BT\isapnp.sy_ C:\$WIN_NT$.~BT\kbdclass.sy_ C:\$WIN_NT$.~BT\kbdhid.sy_ C:\$WIN_NT$.~BT\kbdno.dll C:\$WIN_NT$.~BT\kd1394.dl_ C:\$WIN_NT$.~BT\kdcom.dl_ C:\$WIN_NT$.~BT\ksecdd.sys C:\$WIN_NT$.~BT\l_intl.nl_ C:\$WIN_NT$.~BT\lbrtfdc.sy_ C:\$WIN_NT$.~BT\migrate.inf C:\$WIN_NT$.~BT\mountmgr.sy_ C:\$WIN_NT$.~BT\mraid35x.sy_ C:\$WIN_NT$.~BT\ntcompat.inf C:\$WIN_NT$.~BT\ntdetect.com C:\$WIN_NT$.~BT\ntfs.sys C:\$WIN_NT$.~BT\ntkrnlmp.ex_ C:\$WIN_NT$.~BT\ohci1394.sy_ C:\$WIN_NT$.~BT\oprghdlr.sy_ C:\$WIN_NT$.~BT\partmgr.sy_ C:\$WIN_NT$.~BT\pci.sy_ C:\$WIN_NT$.~BT\pciide.sy_ C:\$WIN_NT$.~BT\pciidex.sy_ C:\$WIN_NT$.~BT\pcmcia.sy_ C:\$WIN_NT$.~BT\perc2.sy_ C:\$WIN_NT$.~BT\perc2hib.sy_ C:\$WIN_NT$.~BT\ql1080.sy_ C:\$WIN_NT$.~BT\ql10wnt.sy_ C:\$WIN_NT$.~BT\ql12160.sy_ C:\$WIN_NT$.~BT\ql1240.sy_ C:\$WIN_NT$.~BT\ql1280.sy_ C:\$WIN_NT$.~BT\ramdisk.sy_ C:\$WIN_NT$.~BT\sbp2port.sy_ C:\$WIN_NT$.~BT\scsiport.sy_ C:\$WIN_NT$.~BT\serenum.sy_ C:\$WIN_NT$.~BT\serial.sy_ C:\$WIN_NT$.~BT\setupdd.sy_ C:\$WIN_NT$.~BT\setupldr.bin C:\$WIN_NT$.~BT\setupreg.hiv C:\$WIN_NT$.~BT\sfloppy.sy_ C:\$WIN_NT$.~BT\sparrow.sy_ C:\$WIN_NT$.~BT\spcmdcon.sys C:\$WIN_NT$.~BT\spddlang.sy_ C:\$WIN_NT$.~BT\sym_hi.sy_ C:\$WIN_NT$.~BT\sym_u3.sy_ C:\$WIN_NT$.~BT\symc810.sy_ C:\$WIN_NT$.~BT\symc8xx.sy_ C:\$WIN_NT$.~BT\system32\ntdll.dll C:\$WIN_NT$.~BT\system32\smss.exe C:\$WIN_NT$.~BT\tffsport.sy_ C:\$WIN_NT$.~BT\toside.sy_ C:\$WIN_NT$.~BT\txtsetup.sif C:\$WIN_NT$.~BT\ultra.sy_ C:\$WIN_NT$.~BT\unsupdrv.inf C:\$WIN_NT$.~BT\usbccgp.sy_ C:\$WIN_NT$.~BT\usbd.sy_ C:\$WIN_NT$.~BT\usbehci.sy_ C:\$WIN_NT$.~BT\usbhub.sy_ C:\$WIN_NT$.~BT\usbohci.sy_ C:\$WIN_NT$.~BT\usbport.sy_ C:\$WIN_NT$.~BT\usbstor.sy_ C:\$WIN_NT$.~BT\usbuhci.sy_ C:\$WIN_NT$.~BT\vga.sy_ C:\$WIN_NT$.~BT\vga850.fo_ C:\$WIN_NT$.~BT\viaide.sy_ C:\$WIN_NT$.~BT\videoprt.sy_ C:\$WIN_NT$.~BT\winnt.sif C:\$WIN_NT$.~BT\wmilib.sy_ C:\txtsetup.sif C:\WINDOWS\SETA1.tmp C:\WINDOWS\SETA4.tmp C:\WINDOWS\SETB0.tmp . ((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 ))))))))))))))))))))))))))))))) . 2008-08-11 21:37 . 2008-08-11 21:37 2,710,333 --a------ C:\ComboFix01.exe 2008-08-11 07:01 . 2008-08-11 21:32 <DIR> dr-h----- C:\Documents and Settings\\Siste 2008-08-11 06:50 . 2008-08-11 06:50 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Documents and Settings\\Programdata\Malwarebytes 2008-08-10 21:48 . 2008-08-10 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-08-10 21:48 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-10 21:48 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-27 14:26 . 2008-08-04 22:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-27 14:26 . 2008-07-27 14:26 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-23 15:51 . 2008-07-29 00:02 <DIR> d-------- C:\Programfiler\PokerStars 2008-07-22 23:05 . 2008-04-23 06:22 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-22 23:05 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-22 23:05 . 2007-03-08 07:11 1,007,616 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-22 23:05 . 2008-04-23 06:22 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-22 23:05 . 2008-04-23 06:22 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-22 23:05 . 2008-04-23 06:22 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-22 23:05 . 2008-04-23 06:22 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-22 23:05 . 2008-04-23 06:22 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-22 23:05 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-22 20:05 . 2008-07-22 20:05 <DIR> d-------- C:\Programfiler\Sun 2008-07-22 19:54 . 2008-06-14 19:36 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-22 19:52 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-07-22 19:23 . 2008-04-14 09:22 76,288 --a--c--- C:\WINDOWS\system32\dllcache\wam51.dll 2008-07-22 19:23 . 2008-04-14 09:22 53,248 --a--c--- C:\WINDOWS\system32\dllcache\wamreg51.dll 2008-07-22 19:23 . 2001-10-09 14:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2008-07-22 19:23 . 2001-10-09 14:00 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2008-07-22 19:23 . 2001-10-09 14:00 9,216 --a--c--- C:\WINDOWS\system32\dllcache\wamps51.dll 2008-07-22 19:21 . 2008-04-14 09:21 370,176 --a--c--- C:\WINDOWS\system32\dllcache\asp51.dll 2008-07-22 19:20 . 2008-04-14 09:22 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-07-22 19:18 . 2008-07-22 19:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-07-22 19:16 . 2008-04-14 09:23 359,936 --a--c--- C:\WINDOWS\system32\dllcache\wmic.exe 2008-07-22 19:16 . 2008-04-14 09:22 92,672 --a--c--- C:\WINDOWS\system32\dllcache\policman.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-11 19:21 --------- d-----w C:\Documents and Settings\\Programdata\LimeWire 2008-08-11 19:16 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-08-11 19:07 --------- d-----w C:\Documents and Settings\\Programdata\Azureus 2008-08-11 05:38 --------- d-----w C:\Programfiler\Trend Micro 2008-07-22 18:05 --------- d-----w C:\Programfiler\Java 2008-07-07 18:13 --------- d-----w C:\Programfiler\LimeWire 2008-07-02 21:48 --------- d-----w C:\Programfiler\Azureus 2008-07-01 21:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-07-01 21:25 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-07-01 21:25 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-07-01 21:25 --------- d-----w C:\Documents and Settings\\Programdata\SUPERAntiSpyware.com 2008-06-20 17:49 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:36 272,256 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2007-08-04 19:13 12,840 ----a-w C:\Programfiler\ARA.ini 2007-06-04 19:37 456 ----a-w C:\Programfiler\INSTALL.LOG 2007-05-27 18:58 24 ----a-w C:\Programfiler\announce.txt 2007-05-27 18:56 0 ----a-w C:\Programfiler\llh.dll 2007-05-07 15:49 995,410 ----a-w C:\Programfiler\MFC42LU.DLL 2007-05-07 15:49 393,216 ----a-w C:\Programfiler\MSLUP60.dll 2007-05-07 15:49 237,568 ----a-w C:\Programfiler\MSLURT.dll 2007-04-18 08:59 679,936 ----a-w C:\Programfiler\libeay32.dll 2007-04-18 08:59 59,904 ----a-w C:\Programfiler\zlib1.dll 2007-04-18 08:59 147,728 ----a-w C:\Programfiler\ASYCFILT.DLL 2007-04-18 08:59 147,456 ----a-w C:\Programfiler\ssleay32.dll 2006-11-29 16:53 77,824 ----a-w C:\Programfiler\DM.dll 2006-11-07 07:53 258,352 ----a-w C:\Programfiler\UNICOWS.DLL . <pre> ----a-w 13,707,828 2007-12-09 22:02:17 C:\X-tra Utility\K-Lite Codec Pack Full 3.4.5\K-Lite Codec Pack 3.5.7 Full .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 11:12 68856] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56 139264] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064] "DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248] "DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01 86016] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [N/A] "ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920] "PCSuiteTrayApplication"="C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 10:39 167936] "DataLayer"="C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 10:30 1106944] "HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-09-24 00:08 49152] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941] "DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 08:38 69632] "dlccmon.exe"="C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 09:04 425984] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 14:46 273520] "type32"="C:\Programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032] "IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800] "phc700"="C:\WINDOWS\vphc700.exe" [2005-07-20 19:56 339968] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 14:00 208952] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 14:00 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 09:43 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 09:43 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 09:43 455168] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 339968 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:22 15360] "DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-09-24 00:28:44 282624] HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= "C:\Programfiler\McAfee\McAfee AntiSpyware\MssShell.dll" [2004-11-15 01:00 86016] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^TrayMin700.exe.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\TrayMin700.exe.lnk backup=C:\WINDOWS\pss\TrayMin700.exe.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programfiler\\Azureus\\Azureus.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 1942\\BF1942.exe"= R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55] R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56] R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 10:58] R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 15:00] S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 10:03] S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [] S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25] S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25] S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25] S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25] S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 15:21] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bc51cf2-3247-11dd-9af1-000e2e66d518}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b95399fa-a9c5-11dc-9a8f-000e2e66d518}] \Shell\AutoRun\command - I:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-08-11 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-11 21:41:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "IAAnotif"="C:\\Programfiler\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe" . Completion time: 2008-08-11 21:43:06 ComboFix-quarantined-files.txt 2008-08-11 19:42:44 ComboFix2.txt 2008-08-11 13:07:25 ComboFix3.txt 2008-06-30 15:10:25 ComboFix4.txt 2008-06-22 19:07:53 ComboFix5.txt 2008-08-11 19:38:13 Pre-Run: 64,888,336,384 byte ledig Post-Run: 64,881,668,096 byte ledig 324 --- E O F --- 2008-08-08 10:09:01 Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:50:05, on 11.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\system32\dlcccoms.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programfiler\Trend Micro\jobb\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://veronikadale.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216749101421 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143290832375 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 11785 bytes Lenke til kommentar
r2d290 Skrevet 11. august 2008 Del Skrevet 11. august 2008 Fint. Scriptet fungerte som det skulle. Start HijackThis Velg: Do a systemscan only Sett en hake i boksene foran disse linjene: O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW Avslutt alle vinduer (utenom HijackThis) og nettlesere (også dette du leser fra), og trykk Fix checked. Merk: Hvis du blir spurt om å bekrefte å fikse en linje, bekrefter du dette. Deretter avslutter du HijackThis, restarter maskinen, og lager en ny logg: Start HijackThis Velg: Do a systemscan, and save a logfile Post denne loggen i din neste post. Fortell også hvorfor du opprettet denne tråden. Hadde du noen problemer med maskinen, eller ville du bare sjekke? Hvis du hadde noen problemer; hvordan går det med disse nå? Lenke til kommentar
dildi Skrevet 11. august 2008 Forfatter Del Skrevet 11. august 2008 Jeg opprettet denne tråden fordi jeg har hatt en del trøbbel med div. tregheter på maskinen, og norman har kommet med noen meldinger om at den har oppdaget virus, orm eller trojan og lagt de i karantene..... Tusen takk for all hjelpen! Her er den siste HJT-loggen: Klikk for å se/fjerne innholdet nedenfor Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:13:15, on 11.08.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe C:\Norman\Npm\bin\ZLH.EXE C:\Programfiler\Microsoft IntelliType Pro\type32.exe C:\Programfiler\Microsoft IntelliPoint\point32.exe C:\WINDOWS\vphc700.exe C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\FELLES~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe C:\Programfiler\Windows Media Player\WMPNetwk.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\WINDOWS\system32\dlcccoms.exe C:\WINDOWS\System32\alg.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Trend Micro\jobb\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=no&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O4 - HKLM\..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programfiler\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Programfiler\Fellesfiler\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [type32] "C:\Programfiler\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Programfiler\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier Hurtigstart.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://veronikadale.spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216749101421 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143290832375 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...836/mcfscan.cab O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programfiler\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE -- End of file - 11579 bytes Lenke til kommentar
r2d290 Skrevet 11. august 2008 Del Skrevet 11. august 2008 Hvis du hadde noen problemer; hvordan går det med disse nå? Lenke til kommentar
dildi Skrevet 11. august 2008 Forfatter Del Skrevet 11. august 2008 Har ikke merket noen tregheter enda ihvertfall, så det ser veldig lovende ut... Lenke til kommentar
r2d290 Skrevet 11. august 2008 Del Skrevet 11. august 2008 (endret) Ok. Med mindre du ikke merker noe mer nå, sier vi oss nesten ferdig. Hvis ikke norbat eller SNIPPSAT har noe å tilføre, kan du sende meg en PM om 2-3 dager, så skal jeg gi deg litt siste avsluttende informasjon. Inntil videre: Surf trygt! Endret 11. august 2008 av r2d290 Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå